Hackers who stole information from law firms and made millions by insider trading, fined $9 million

Law firms, PR agencies, newswires, accountants… all manner of firms need to ensure that they are working hard to secure the information entrusted to them by their corporate clients, and keep it out of unauthorised hands.

Three Chinese citizens have been ordered to pay $8.8 million, after hacking into two prominent New York-based law firms, stealing sensitive plans for upcoming corporate mergers and acquisitions, and trading shares using non-public inside information.

26-year-old Iat Hong, 30-year-old Bo Zheng, and Hung Chin, 50, have been fined $8,895,561.12 after allegedly racking up almost $3 million in illegal profits through their insider trading scheme.

The hackers are said to have installed malware on networks belonging to the law firms, compromised IT administrator accounts that gave them access to every email account at the companies, and stolen huge dozens of gigabytes of email archives. Hong and Zheng are said to have been particularly keen to steal the emails of attorneys involved in mergers and acquisitions because of the potential for huge rewards. Five other law firms were also targeted by the hacking gang, but managed to repel the attacks.

The US Securities and Exchange Commission (SEC) claims that the hackers spent approximately $7.5 million in just one month, buying shares in Altera, a semiconductor company. The reason? Hong, Zheng and Chin knew of an unreleased report that the company was in talks to be acquired by Intel Corporation.

In another incident, Hong and Chin are said on some days to have purchased so many shares in e-commerce company Borderfree that they accounted for at least 25% of the company’s trading volume, in advance of an accouncement about a 2015 deal. Hong and Zheng, meanwhile, are said to have profited by trading shares in InterMune, a pharmaceutical company, in advance of a 2014 merger announcement.

As BBC Newsreports, the three men face a number of other serious charges, and could face lengthy prison sentences if found guilty. Of course, whether the men arrive on US soil is a different matter entirely. None of them responded to the complaints or appeared in court to contest the charges.

The SEC says that this cases marks the first time it has brought charges against criminals hacking into the computer networks of law firms. That may well be the case, but it certainly isn’t the first time we have heard of hackers stealing information to assist them in insider trading.

For instance, in early 2016 the security headlines were full of stories of how Ukrainian hackers had stolen more than 100,000 news releases (including quarterly financial results) from publicly traded companies before they were made public, and used the information contained within to make huge profits on the stock market.

Vadym Iermolovych, 28 years old at the time he pleaded guilty, was part of a gang that broke into computer networks belonging to the likes of PR Newswire and Business Wire, and passed information on to a group of crooked securities traders. $30 million is said to have been made through their criminal escapade.

Law firms, PR agencies, newswires, accountants… all manner of firms need to ensure that they are working hard to secure the information entrusted to them by their corporate clients, and keep it out of unauthorised hands.